Configuring Simple Filters on Enhanced Queuing DPCs
You can configure and apply a simple filter to perform multifield classification on the ingress interfaces of an MX Series router with Enhanced Queuing DPCs. These simple filters can be used to override default CoS classification parameters such as forwarding class or loss priority. Simple filters, in contrast to other firewall filters, only support a subset of the full firewall filter syntax.
To configure a simple filter, include the simple-filter statement at the [edit firewall family inet] hierarchy level:
    [edit firewall family inet]
    simple-filter filter-name {
        term term-name {
            from {
                ... match-conditions...
            }
            then {
                forwarding-class class-name;
                loss-priority priority;
            }
        }
    }
The following example configures a simple filter to detect ingress packets from various source addresses (10.1.1.1/32, 10.10.10.10/32, and 10.4.0.0/8), destination addresses (10.6.6.6/32), protocols (tcp), and source ports (400-500, http). The filter then assigns various forwarding classes and loss priorities to the filtered traffic. Finally, the filter is applied to the input side of an Enhanced Queuing DPC interface (ge-2/3/3).
    [edit]
    firewall {
        family inet {
            simple-filter sf-for-eq-dpc {
                term 1 {
                    from {
                        source-address 10.1.1.1/32;
                        protocol tcp;
                    }
                    then loss-priority low;
                }
                term 2 {
                    from {
                        source-address 10.4.0.0/8;
                        source-port http;
                    }
                    then loss-priority high;
                }
                term 3 {
                    from {
                        destination-address 10.6.6.6/32;
                        source-port 400-500;
                    }
                    then {
                        loss-priority low;
                        forwarding-class best-effort;
                    }
                }
                term 4 {
                    from {
                        forwarding-class expedited-forwarding;
                        source-address 10.10.10.10/32;
                    }
                    then loss-priority low;
                }
                term 5 {
                    from {
                        source-address 10.10.10.10/32;
                    }
                    then loss-priority low;
                }
            }
        }
    }
    interfaces {
        # Apply the simple filter above to the input side of the interface.
        ge-2/3/3 {
            unit 0 {
                family inet {
                    simple-filter {
                        input sf-for-eq-dpc;
                    }
                }
            }
        }
    }
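
Because simple filters accept only a subset of firewall filter syntax, a candidate configuration can be checked offline before commit. The following is an added example, not part of the original documentation or any vendor tool: a small Python lint that parses brace-style configuration text, rejects unbalanced braces, and reports any `then` action in a simple-filter term other than the two shown in the syntax above. The names `parse`, `lint_simple_filters`, `ALLOWED_ACTIONS`, and the sample filter `sf-sample` are hypothetical, and treating those two actions as the complete allowed set is an assumption.

```python
import re

# Assumption: only the two actions in the page's syntax block are allowed.
ALLOWED_ACTIONS = {"forwarding-class", "loss-priority"}

# Constructed sample (not from the page): terms 2 and 3 use other actions.
SAMPLE = """firewall { family inet { simple-filter sf-sample {
  term 1 { from { source-address 10.1.1.1/32; protocol tcp; } then loss-priority low; }
  term 2 { from { source-port http; } then { forwarding-class best-effort; count http-hits; } }
  term 3 { from { destination-address 10.6.6.6/32; } then discard; }
} } }"""

def parse(text):
    """Parse brace-style config into nested [(words, body_or_None), ...]."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))
    stack, words = [[]], []
    for tok in tokens:
        if tok in (";", "{"):
            body = [] if tok == "{" else None
            stack[-1].append((words, body))
            words = []
            if body is not None:
                stack.append(body)
        elif tok == "}":
            stack.pop()
            if not stack:
                raise ValueError("unbalanced '}'")
        else:
            words.append(tok)
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return stack[0]

def lint_simple_filters(text):
    """Return (filter, term, action) for each action outside ALLOWED_ACTIONS."""
    findings = []
    def walk(stmts):
        for words, body in stmts:
            if body is not None and words[:1] == ["simple-filter"] and len(words) == 2:
                for term, tbody in body:
                    for w, kids in tbody or []:
                        if w[:1] == ["then"]:
                            acts = [w[1:]] if kids is None else [k for k, _ in kids]
                            findings.extend((words[1], " ".join(term[1:]), " ".join(a))
                                            for a in acts if a and a[0] not in ALLOWED_ACTIONS)
            elif body is not None:
                walk(body)
    walk(parse(text))
    return findings
```

The interface-level `simple-filter { input ...; }` attachment carries no filter name, so the lint descends through it without treating it as a filter definition.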